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DETAILED ACTION 
Status of Claims 

1. This action is in reply to the remarks and amendment filed on February 1, 2008. 

2. Claims 1-24 are currently pending and have been examined. 

Claim Objections 

3. Claim 23 is objected to under 37 CFR 1.75(c), as being of improper dependent form for failing 
to further limit the subject matter of a previous claim. Applicant is required to cancel the claim(s), or 
amend the claim(s) to place the claim(s) in proper dependent form, or rewrite the claim(s) in 
independent form. Article of manufacture claim 23 can be infringed without necessarily infringing 
method claim 1. 

Response to Arguments 

4. The following applicant's arguments filed on February I 2008 have been considered but are 
not persuasive. 

With respect to claims 1, 4-5, 7-8, 10-16 and 18-24 rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent 6,1261,139 to Win (hereinafter "Win") in view of U.S. Published 
Application 2002/0029339 of Rowe (hereinafter "Rowe"), the Applicant argues the following: 



The Applicant argues that Win makes no mention whatsoever of financial transactions or of 
privileges and limitations for performing financial transactions. The Examiner respectfully 
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disagrees. Win discloses a method comprising storing information that defines administration 
roles, that associates a user with one or more of the administration roles, and that associates 
each administration role with one or more administrative privileges (Abstract). The invention 
relates to methods, apparatus, and products for managing and administering a system for 
facilitating secure and selective access to network resources based on a role of a user of the 
resources (Column 1, lines 18-24). Win goes on to define the administration of privileges as 
follows: "An administrative privilege authorizes at least one administrative function. When the 
user requests the execution of an administrative function, the request is honored only when one 
of the user's administrative roles includes an administrative privilege that authorizes the 
requested administrative function." (Abstract). 

Win further discloses rules for defining roles for users when working for an organization as 
follows: "A Role may reflect a relationship of a User to the organization (employee, customer, 
distributor, supplier), their department within an organization (sales, marketing, engineering) or 
any other affiliation or function. ..that defines their information needs and thus their access rights 
or privileges. ..In some embodiments, the term User Type or Person Type refers to employees, 
directors, officers, contractors, customers, distributors, etc., and Role refers to a job function 
such as sales representative, financial analyst, etc." (Column 5, lines 2-8 & lines 18-21). Thus, 
as the disclosure described by Win above pertains to the usage of administrative privileges and 
authorizations with regard to the performance of specific functions within an organization, and, 
as such functions includes the user role of a financial analyst implicitly performing a finance- 
related function, it is therefore clear that the limitation of privileges and limitations for 
performing financial transactions is taught by Win. 

The Applicant further argues that Win's access control system does not include a hierarchical 
entitlement structure with inheritance. The Examiner respectfully disagrees. Win discloses a 
mechanism for governing access to information resources in which selective access is given to 
particular users (Column 2, lines 25-27) wherein the administration of access control to 
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resources is selectively delegated to multiple administrators (Column 2, lines 35-36). The 
selective delegation of access privileges by itself denotes a hierarchical structure within an 
organization where access is granted to some and not to others depending on the relationship of 
a user with an organization and the roles played within the organization as follows: " User are 
individuals who have a relationship with an organization and play various roles, and are 
registered in the system." (Column 4, lines 22-25). "Roles are defined by information 
identifying a name of a role and by a functional group in which the role resides. A functional 
group is often a department in which similar function exists. Examples of functional groups are 
Marketing, Sales, Engineering, Human Resources, and Operations. In some embodiments, the 
term User Type or Person Type refers to employees, directors, officers. ..etc." (Column 5, lines 
12-21). 

Win further discloses the passing on or "inheriting" of access or entitlement privileges within an 
organization with the following example: "Any user who is assigned the role of "Sales Manager" 
in the future will automatically have access to the "National Sales Report" resource. If the 
administrator later un-assigns "Sales Manager" from the "National Sales Report" resource, then 
all users associated with the "Sales Manager" role will automatically lose access to the 
resource." (Column 18, lines 25-34). Win clearly teaches the limitation comprising a hierarchical 
entitlement structure with inheritance. 

The Applicant further argues that although Rowe mentions the word "limit" it does not include 
features for defining and enforcing limits and that Rowe's "value limit" is a single value limit 
associated with a given financial account (e.g., bank account) and is not a limit which is tied to a 
user's role. Additionally, the combined references do not include any teaching of defining both 
per transaction limits and cumulative limits over a period of time. The Examiner respectfully 
disagrees. Rowe discloses wherein both transaction limits as well as cumulative limits are 
established for a financial transaction as follows: "In a step Sle, the account provider assigns 
the account with a maximum funds value or value limit... Most often, the maximum value will 
comprise the amount of an initial deposit into the account by the customer." (Paragraph 40). In 
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this case, a deposit into the account is allowed to accumulate up to the maximum deposit limit 
("cumulative limit") set by the account provider for the account. Also, the maximum number of 
transactions permitted ("per transaction limit") is limited only by the number of deposit 
transactions necessary to fund the account up to the maximum amount permitted for the 
account. 

Rowe also teaches wherein transaction limits are imposed by the account provider as follows: 
"This method comprises the steps of providing customer data to the account provider, 
establishing an account type, assigning a value limit for the account, depositing funds in the 
financial account in an amount not exceeding the value limit, assigning the financial account an 
expiration date after which access to the financial account is generally prohibited by a user..." 
(Abstract). In this case, the expiration date set by the account provider for transacting with the 
financial account serves the same purpose as limiting the number of transactions permitted for 
the account. 

In another instance, Rowe discloses wherein transaction limits and cumulative limits for the 
account provider to follow are set by the user of the account for as follows: "The customer may 
arrange the account such that funds are debited and transferred to the charity [or any other 
account] at one or more predetermined times and for one or more predetermined amounts." 
(Paragraph 35). In this case, an account is permitted to be transacted upon only during the 
periods or times set for transacting whereas the maximum amount(s) permitted during the 
processing of the account is limited by the user. 

The Applicant further argues that Rowe makes no mention of roles with permissions relating to 
the type and amount of financial transactions that may be performed by users having such 
roles. The Examiner respectfully disagrees. The Examiner recognizes that obviousness can only 
be established by combining or modifying the teachings of the prior art to produce the claimed 
invention when there is some teaching, suggestion, or motivation to do so found either in the 
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references themselves or in the knowledge generally available to one of ordinary skill in the art. 
See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347, 
21 USPQ2d 1941 (Fed. Cir. 1992). 

In this case, Win discloses wherein roles and permission privileges govern access to resources 
and functions within an organization which may include financial transactions (Column 5, lines 2- 
8 & lines 18-21). In a related endeavor, as discussed in the previous argument, Rowe discloses 
wherein limits are set for transacting in a financial account as follows: "This method comprises 
the steps of providing customer data to the account provider, establishing an account type, 
assigning a value limit for the account, depositing funds in the financial account in an amount 
not exceeding the value limit, assigning the financial account an expiration date after which 
access to the financial account is generally prohibited by a user..." (Abstract). As such, both Win 
and Rowe combined disclose the limitation wherein roles with permissions relating to the type 
and amount of financial transactions may be performed by users of the account. 

With respect to claims 2-3, 6, 9 and 17 rejected under 35 U.S.C. 103(a) as being unpatentable 
over Win (above) in view of Rowe (above), further in view of U.S. Patent 6,202,066 to Barkley 
(hereinafter "Barkley"), the Applicant argues the following: 

The Applicant further argues that Barkley's bottom-up approach to inheritance teaches away 
from Applicant's top-down inheritance methodology in which lower level entitlement groups 
inherit permissions from their parents subject to restrictions on such inherited permissions. The 
Examiner respectfully disagrees. Barkley discloses wherein permissions are inherited by an 
entitlement group from its parent entitlement group in a hierarchical entitlement structure as 
follows: "The capability for one role to inherit another role - that is, for example, while members 
of "manager" have their own permissions, they may also inherit those of "subordinate" - is a 
common feature of RBAC models. Such a "role hierarchy" is implemented by a strict partial 
ordering on the set of roles. One can think of role inheritance as the capability for one role to be 
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authorized for (or "included in") another role." (Column 9, lines 48-55); "Similarly, the members 
of branch_manager have permission to read the accounts directory and account files, and to 
read and delete suggestion files, as noted above, while the members of employee have 
permission to read all employee files, but do not have permission to access files or directories 
associated with Object Access Type accounts." (Column 12, lines 7-12). As such, Barkley's 
approach to inheritance describes an inheritance structure wherein roles occupying a higher 
level in the organization (e.g. "branch_manager") are permitted greater access privileges 
compared to roles occupying lower levels within the same organization (e.g. "members of 
employee") whose access privileges are more restricted. Thus Barkley's inheritance approach 
teaches a "top-down" inheritance methodology. 

The Office has thus given consideration to the remarks and amendments made to the pending 
set of claims, however, they are non-persuasive. Therefore, the rejection provided below for the 
current listing of claims is maintained. 



Claim Rejections - 35 USC §103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office Action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in 
which the invention was made. 
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6. Claims 1, 4-5, 7-8, 10-16 and 18-24 are rejected under 35 U.S.C. 103( a ) as being 
unpatentable over Win, U.S. 6,161,139 ("Win"), in view of Rowe, U.S. Pub 2002/0029339 ("Rowe"). 

7. With regard to claim 1, Win teaches the limitation of a computer-implemented method for 
-ee - <. :md enforcing entitlements for performance o 

comprising; 

* providing a hierarchical entitlement structure - - - - . 

for performing financial transactions (column 4, lines 22-26; column 5, lines 7-8); 

In response to a particular user request to perform . 

identifying the particular user's membership in a certain e::: * , ^ (column 5, 

lines 45-55); 

■ determin v tether to allow the particular user to perform the ■ , , . > - 
on p tisslo and >mits of said hierarchical entitlement structure applicable to the 

- - . 'Vfjce of the financial transaction (column 4, lines 15-18); 

■ .0 ; - , tor defining a plurality of entitlement groups of . 

- o (column 15, lines 15-21; column 4, lines 24-26). 

Win doesn't explicitly teach the limitation comprising ^ o ' N N . ^ 
transactions, and membership of each user. Rowe, however, makes this teaching (paragraph 
12, lines 5-13; paragraph 14). It would have been obvious to one of ordinary skill in the art at 
the time of the invention to combine the teaching of Rowe with those of Win as discussed 
above for the motivation of establishing entitlement to access the account (Rowe, abstract). 

8. With regard to claim 4, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win further teaches the limitation ivnere/f; ss/d step of defining a plurality or entitlement 
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(column 5, 

lines 22-29). 

9. With regard to claim 5, Win in view of Rowe teaches the limitation of claim 4 as described 
above. Win further teaches the limitation wherein ss/d step of oef/n/no a plurality of entitlement 
groups includes defining permissions to / < ^ s ^ ^ ^ (column 5, lines 
22-32). 

10. With regard to claim 7, Win in view of Rowe teaches the limitation of claim 4 as described 
above. Win doesn't explicitly teach the limitation wherein said limits comprise limitations on values of 
" , cia t dons to be performed. Rowe, however, makes this teaching (paragraph 12, lines 5- 
13, paragraph 14). It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the teaching of Rowe with those of Win as discussed above for the motivation of 
establishing entitlement to access the account (Rowe, abstract). 

11. With regard to claim 8, Win in view of Rowe teaches the limitation of claim 4 as described 
above. Win doesn't explicitly teach the limitation wherein said step of defining a plurality of 

's comprising a selected one of per-frar • 
cumulative limits over a period of time. Rowe, however, makes this teaching (paragraph 12, lines 5- 
13; paragraphs 14 and 43). It would have been obvious to one of ordinary skill in the art at the time 
of the invention to combine the teaching of Rowe with those of Win as discussed above for the 
motivation of facilitating a commercial transaction (Rowe, paragraph 14). 

12. With regard to claim 10, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win further teaches the limitation :/vf;ere/r; v step of 'defining a plurality of entidement 
groups includes defining limits applicable so individual users (column 16, lines 59-67). 
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13. With regard to claim 11, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win further teaches the limitation wherein siep ofdehn- ng a plurality of entctemenr 
group's includes denning iimtm applicable collectively to members of an entitlement group (column 16, 
lines 59-67). 

14. With regard to claim 12, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win further teaches the limitation wherein said step of defining a plurality of entitlement 

; of said particular entitlement group in said hierarchical end dement structure 
(column 16, lines 59-67). 

15. With regard to claim 13, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win doesn't explicitly teach the limitation further comprising troc , 1 

pet v . v ^eietmining compliance with limits, Rowe, however, makes this teaching 

(paragraph 103, lines 1-9; paragraph 149, lines 1-9). It would have been obvious to one of ordinary 
skill in the art at the time of the invention to combine the teaching of Rowe with those of Win as 
discussed above for the motivation of facilitating a commercial transaction (Rowe, paragraph 14). 

16. With regard to claim 14, Win in view of Rowe teaches the limitation of claim 13 as described 
above. Win doesn't explicitly teach the limitation to - ,v - 

c>ai transactions performed in cache for 
j-ice Rowe, however, makes this teaching (paragraph 103, lines 1-9; paragraph 
149, lines 1-9). It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the teaching of Rowe with those of Win as discussed above for the motivation of 
storing account information and receiving and transmitting account data such as data representing 
fund transfers and the like (Rowe, paragraph 103, lines 1-4). 
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17. With regard to claim 15, Win in view of Rowe teaches the limitation of claim 14 as described 
above. Win doesn't explicitly teach the limitation 

the particular user to perform the financial transaction includes determining whether any limits have 
been exceeded based on the running total values and the value of the financial transaction requested 
by the particular user, Rowe, however, makes this teaching (paragraph 103, lines 1-9; paragraph 149, 
lines 1-9). It would have been obvious to one of ordinary skill in the art at the time of the invention to 
combine the teaching of Rowe with those of Win as discussed above for the motivation of facilitating a 
commercial transaction (Rowe, paragraph 14). 

18. With regard to claim 16, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win further teaches the limitation further comprising: maintaining permission information for 
v \ * v % < ? the hierarchical entitlement structure in cache to impro » ystf. ? h > ru 
(column 2, lines 60-67; column 3, lines 1-7). 

19. With regard to claim 18, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win further teaches the limitation wherein permissions provided to an entitlement group 

v >. v v ^ * o -• «. * certain other entitlement group (column 2, lines 35-43; column 

24, lines 39-40). 

20. With regard to claim 19, Win in view of Rowe teaches the limitation of claim 18 as described 
above. Win further teaches the limitation i ?e ? pt n/s ons to administer a particular . . 

group include modifying permissions of said certain other entitlement group (column 2, lines 25-43). 

21. With regard to claim 20, Win in view of Rowe teaches the limitation of claim 18 as described 
above. Win further teaches the limitation wherein said permissions to administer a certain other 

minions 

to administer (column 24, lines 39-40; column 16, lines 59-64). 
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22. With regard to claim 21, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win further teaches the limitation wherein permissions provided to on entitlement group 

(column 15, lines 63-67). 

23. With regard to claim 22, Win in view of Rowe teaches the limitation of claim 21 as described 
above. Win further teaches the limitation 

v ^ >o missions to define a child entitlement group o* ^ . 
(column 16, lines 59-64). 

24. With regard to claim 23, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win further teaches the limitation of a ^ ^ ♦ ,o^e medium ha\ ing 

executable instructions for performing the method of claim 1 (column 25, lines 46-52). 

25. With regard to claim 24, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win further teaches the limitation of a downloadable set of processor-ex-. , o - 
for performing the method of claim 1 (column 25, lines 16-32). 



26. Claims 2-3, 6, 9 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable over Win, 
U.S. 6,161,139 ("W in" ), in view of Rowe, U.S. Pub 2002/0029339 ("R owe" ), and further in view of 
Barklev. U.S. 6.202.066 fBarkley"). 

27. With regard to claim 2, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win doesn't explicitly teach the limitation 

provides that a given entitlement group inherits permissions, provided to its parent entitlement group 
in said hierarchical enti'dament structure. Barkley, however, makes this teaching (column 9, lines 48- 
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60). It would have been obvious to one of ordinary skill in the art at the time of the invention to 
combine the teaching of Barkley with those of Win as discussed above for the motivation of knowing 
whether access is provided as a result of the permissions defined for the role or group itself or is 
based on permissions associated with inherited roles or groups (Barkley, column 10, lines 1-4). 

28. With regard to claim 3, Win in view of Rowe and further in view of Barkley teaches the 
limitation of claim 2 as described above. Win further teaches the limitation wherein said step of 

. ! of entitlement groups includes restrict>ny pe - ^ 
> ^ its \ -r-ni: entitlement group in said hierarchical ent:. •■ , (column 11, lines 

39-43; column 13, lines 14-15). 

29. With regard to claim 6, Win in view of Rowe teaches the limitation of claim 4 as described 
above. Win doesn't explicitly teach the limitation wherein at least some of said £>•.? ' . . ! o ^ . - 
represent dank accounts. Barkley, however, makes this teaching (column 11, table 1). It would have 
been obvious to one of ordinary skill in the art at the time of the invention to combine the teaching of 
Barkley with those of Win as discussed above for the motivation of effectuating bank policy (column 
11, lines 60-61). 

30. With regard to claim 9, Win in view of Rowe teaches the limitation of claim 1 as described 
above. Win doesn't explicitly teach the limitation , - % ' . » % 

to a selected one of functions of a financial 
- - . v ik Barkley, however, makes this teaching (column 11, 

lines 57-67; column 12, lines 1-32). It would have been obvious to one of ordinary skill in the art at 
the time of the invention to combine the teaching of Barkley with those of Win as discussed above for 
the motivation of implementing bank policy (Barkley, column 11, lines 57-59). 



Application/Control Number: 10/708,920 Page 14 

Art Unit: 3692 

31. With regard to claim 17, Win in view of Rowe teaches the limitation of claim 16 as described 
above. Win doesn't explicitly teach the limitation wherein said permission information is modeled as 
three-tupies representing negative permissions. Barkley, however, makes this teaching (column 11, 
lines 57-67; column 12, lines 1-32). It would have been obvious to one of ordinary skill in the art at 
the time of the invention to combine the teaching of Barkley with those of Win as discussed above for 
the motivation of implementing bank policy (Barkley, column 11, lines 57-59). 

Conclusion 

THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the 
mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the 
mailing date of the advisory action. In no event, however, will the statutory period for reply expire 
later than SIX MONTHS from the date of this final action. 
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Any inquiry concerning this communication or earlier communications from the examiner should be 
directed to Clifford Madamba whose telephone number is 571-270-1239. The examiner can normally 
be reached on Mon-Thu 7:30-5:00 EST Alternate Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kambiz 
Abdi, can be reached at 571-272-6702. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained 
from either Private PAIR or Public PAIR. Status information for unpublished applications is available 
through Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information system, call 800- 
786-9199 (IN USA OR CANADA) or 571-272-1000. 



Clifford Madamba 
Patent Examiner 

May 1, 2008 



/Susanna M. Diaz/ 

Primary Examiner, Art Unit 3692 



